Around 2000-2002 (back when Snort was still very young, and I hadn't heard of it yet), I decided to write a small network traffic analyser that could serve as a "poor man's intrusion detection system". It was basically a C daemon configured with an ini-like configuration file, watching for network events.
If I remember correctly, I wanted a way to detect the (then pretty new and fancy) nmap stealth-scan mechanisms (half-open, xmas, etc.) and counter them with alerts and on-demand firewall rules.
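As an added illustration (not code from the original daemon), this is the kind of TCP flag check such a detector starts from: it classifies a segment's flag byte into the nmap scan shapes named above. The constant and function names are my own; the header bytes in `main` are a constructed sample.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* TCP flag bits in the flags byte (offset 13 of the TCP header, RFC 793). */
#define TH_FIN 0x01
#define TH_SYN 0x02
#define TH_RST 0x04
#define TH_PSH 0x08
#define TH_ACK 0x10
#define TH_URG 0x20

enum scan_kind { SCAN_NONE = 0, SCAN_SYN, SCAN_FIN, SCAN_NULL, SCAN_XMAS };

/* Classify one segment's flag byte. NULL (no flags), FIN-only and XMAS
 * (FIN|PSH|URG) segments never occur in a normal handshake, so each one is
 * suspicious on its own. A bare SYN is only a half-open *candidate*: every
 * legitimate connection starts this way, so a daemon must track per-source
 * state (many SYNs, no completed handshake) before alerting or adding a rule. */
enum scan_kind classify_tcp_flags(uint8_t flags)
{
    uint8_t f = flags & (TH_FIN | TH_SYN | TH_RST | TH_PSH | TH_ACK | TH_URG);
    if (f == 0)
        return SCAN_NULL;
    if (f == (TH_FIN | TH_PSH | TH_URG))
        return SCAN_XMAS;
    if (f == TH_FIN)
        return SCAN_FIN;
    if (f == TH_SYN)
        return SCAN_SYN;
    return SCAN_NONE;           /* SYN|ACK, ACK, RST, ... : ordinary traffic */
}

/* Classify a raw TCP header; anything shorter than the 20-byte minimum is ignored. */
enum scan_kind classify_tcp_segment(const uint8_t *seg, size_t len)
{
    if (seg == NULL || len < 20)
        return SCAN_NONE;
    return classify_tcp_flags(seg[13]);
}

const char *scan_name(enum scan_kind k)
{
    static const char *names[] = { "none", "syn", "fin", "null", "xmas" };
    return names[k];
}

int main(void)
{
    /* Constructed minimal TCP header: src port 40000, dst port 22, flags FIN|PSH|URG. */
    uint8_t xmas[20] = { 0x9c, 0x40, 0x00, 0x16, 0, 0, 0, 0, 0, 0, 0, 0,
                         0x50, 0x29, 0x04, 0x00, 0, 0, 0, 0 };
    printf("classified as: %s\n", scan_name(classify_tcp_segment(xmas, sizeof xmas)));
    return 0;
}
```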
I just stumbled upon the old C source on the SSD of my macOS machine and tried running make, just to see what would happen. Back then I operated some FreeBSD/OpenBSD and Linux servers, and I didn't really expect much to happen besides tons of errors.
As it apparently still compiles and runs today (even on macOS), I've decided to upload the code to GitHub.